Expanding Draconian Computer Fraud and Abuse Act Powers
Expanding Draconian Computer Fraud and Abuse Act Powers
by Stephen Lendman
A previous article discussed CFAA. It explained the following:
It's an anti-hacking law. It's a computer trespass law. It criminalizes accessing computer systems "without authorization."
"(E)xceeds authorized access" terminology was left undefined.
In 1984, it was enacted. It was amended numerous times. It's primarily a criminal law. It covers seven types of offenses.
They include obtaining national security information, compromising confidentiality, trespassing in a government computer, accessing a system to defraud and/or obtain value, damaging a computer or information therein, trafficking in passwords, and threatening to damage a computer.
A 1994 amendment permits civil actions. In 2001, Patriot Act provisions addressed computer crime. They require Internet service providers to report suspicious information or activity "without delay."
Disproportionately harsh penalties harm innocent victims. CFAA was misused against Aaron Swartz. He was maliciously targeted.
"Congress could change" it, he said, "but everyone knows that waiting for congressional action nowadays is a fool's game."
CFAA "is the most outrageous criminal law you've never heard of."
Law Professor Orin Kerr's a former Justice Department attorney. He's a leading computer criminal law scholar. He calls CFAA unconstitutionally vague.
No one knows what "unauthorized access" means, he says. Prosecutors can put "any Internet user they want" in prison. CFAA is "egregiously overbroad." It's "a nightmare for a country that calls itself free."
The Ninth Circuit Court of Appeals called prosecutorial interpretation "expansive," "broad," and "sweeping."
Instead of rescinding its draconian provisions, House Judiciary Committee Republicans want them expanded.
April 23 begins "Cybersecurity Week." House Republicans want Internet freedoms compromised. They want quick action.
They want CISPA 2.0 passed (Cyber Intelligence Sharing and Protection Act). It’s more about destroying personal freedom than online security.
It gives government and corporate supporters unlimited power to access personal/privileged information online. Doing so compromises civil liberty protections.
Innocuous online activities can be called cybersecurity threats. Eroded privacy laws will be gutted.
Web sites visited, personal emails, and other contacts may be freely accessed. Anything we say online innocently may be used against us.
House Republicans want CFAA toughened. They want racketeering provisions included. They want penalties increased. They want draconian ones for minor infractions. They want maximum sentences for others.
They want "exceeding authorized access" expanded to mean "even if the accessor may be entitled to obtain or alter the same information in the computer for other purposes."
Under CFAA section (a)(4), Aaron Swartz faced four charges. Each carried a maximum five year sentence.
EFF, Kerr and others propose rescinding (a)(4). It creates double penalties for behavior criminalized elsewhere in US law.
CFAA 2.0 increases maximum penalties to 20 years for each charge. Internet scholar James Grimmelmann calls doing so "simply obscene."
Minor infractions can be called racketeering. Everyone's potentially vulnerable. Prosecutors can target anyone they don't like.
Conspiracy penalties are included. They match those offenders get. Discussing computer infractions online without committing them can land people in prison.
CFAA 2.0 clarifies "exceeding authorized access." It includes accessing information for "impermissible purpose(s)." It does so even if permission was granted.
It criminalizes any terms of service called violations. It overrides 4th and 9th Circuit Court rulings.
CFAA egregiously oversteps. Toughening it makes it worse. EFF says prosecutors have "more than enough tools it needs to go after real criminals…."
They include criminal copyright legislation, trade secrets, identify theft, and more. Enacting more compromises online freedom.
Maliciously targeting Aaron Swartz shows what anyone potentially may face. He advocated online freedom. He worked tirelessly for what's right.
He challenged repressive Internet laws. He did nothing criminal. He was charged anyway. He faced up to 35 years in prison and a $1 million fine.
He wanted scientific/scholarly articles liberated. They belong in the public domain. He wanted everyone given access. It's their right, he believed.
He wanted a single giant dataset established. He did it before. He wasn't charged.
In a "physical world," said EFF, he'd have faced minor charges at worst. They'd replicate unauthorized trespassing. They'd carry reprimands at most and perhaps small fines.
Similar online behavior changes things. Victims face possible longterm imprisonment. It reflects gross injustice. Reform is long overdue.
House Republicans want nightmarish provisions enacted. They want penalties toughened. They waging cyberwar on Internet freedom.
The Hill said they want current law expanded "so that an attempt at a cyber crime can be punished as harshly as an actual offense."
So far, CFAA 2.0 is unnamed. It's unclear which Judiciary Committee members sponsor it. It's still in its early drafting stage. It's "being circulated to stakeholders for their feedback and possible changes."
Kerr calls CFAA 2.0 "a step backward, not (one) forward." It gives aggressive prosecutors what they want. It makes it easier for them to target anyone they wish.
It makes minor infractions criminal acts. It gravely compromises online freedom.
Current CFAA legislation is draconian. Toughening it makes it worse. Congress seems hellbent on doing it.
Obama declared global cyberwar. He called cyber-threats "one of the most serious economic and national security challenges we face as a nation."
"America's economic prosperity in the 21st century will depend on cybersecurity."
He supports draconian cybersecurity bills. Enactment potentially destroys online freedom. It's already seriously compromised. Tell Congress to fix CFAA, urges EFF:
"(1) No more criminal penalties for violating a website's fine print
(2) No criminal penalties for circumvention techniques that protect privacy and promote security
(3) Make penalties proportionate to offenses"
CFAA's "heavy-handed penalties (show) no regard for whether an act was done to further the public good."
Visionaries like Aaron Swartz should spent time "building our future, not worrying about wasting away in prison."
Congress must act now to ensure "penalties make sense in light of the behavior they're meant to punish."
Maliciously targeting Swartz shows what anyone possibly faces. It’s why draconian CFAA provisions must be rescinded. Toughening them is unconscionable.
Stephen Lendman lives in Chicago. He can be reached at email@example.com.
His new book is titled "Banker Occupation: Waging Financial War on Humanity."
Visit his blog site at sjlendman.blogspot.com.
Listen to cutting-edge discussions with distinguished guests on the Progressive Radio News Hour on the Progressive Radio Network.
It airs Fridays at 10AM US Central time and Saturdays and Sundays at noon. All programs are archived for easy listening.